1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Single Sign-On

Single Sign-On

4 posts, 0 answered
  1. Christopher Blickley
    Christopher Blickley avatar
    14 posts
    Registered:
    07 Jan 2004
    08 Jan 2011
    Link to this post
    Hello,

    We are currently working on an implementation of Sitefinity (purchased current version but working with the 4.0 version).  One of our requirements is that we be able to restrict the viewing of some of the content to faculty and staff at our University.  I understand how to do that with the built in security, however we need to implement an external signle sign-on system.

    The way our external sign-on system works is that the user directed to an external login site.  Once they authenticate, they are redirected back to our site with a secure token and an HTTP module does the work to decrypt the token and get the identity of the person.

    I'm trying to determine the best way to implement this within Sitefinity.  Its not clear that we can simply build a custom membership module as the documentation explains since we don't have access to anything like a list of users or anything.  All we get is the identity of the person as a trusted employee since they authenticated.

    I was considering the possibility of using the built-in security and when I get the identity of the person, simply checking if they have a user account and if not, create one via the API.

    On to the questions:

    Is there a way to override the default login screen and have the users directed to the external login page instead when it detects that the user needs to login?  I found some reference to single sign-on for version 3.x in the forums, but not for 4.0. The way our HTTP module works is that a "login processing" page within the application would be marked as requiring authentication by our external HTTP module.  WHen the page is accessed, the module intercepts the call and redirects them to the external site.  After logging in, they are returned to the "same page" with the token and then that page would process their login to the Sitefinity application.

    Any recommendation or resources on how to accomplish this?

    How many users can the default "out of the box" security handle?  I suspect that over time we will have tens of thousands of users, which I'm assuming will scale just fine.

    Thanks,
    Chris
  2. Dido
    Dido avatar
    149 posts
    Registered:
    24 Sep 2012
    19 Jan 2011
    Link to this post
    Hi Christopher,

    You can change the login url via configuration: /SecurityConfig/Permissions["Backend"]/LoginUrl and /SecurityConfig/Permissions["Backend"]/AjaxLoginUrl

    The AjaxLoginUrl should automatically close (e.g. window.close() in JavaScript) when login is successfull.

    Your plan is feasible - when you get enough information to judge that a user can login, create a Sitefinity user and log him/her in. To "login" a user, you will need something like

    User sitefinityUser;
    string providerName = null; // using default provider
    bool rememberMe = true;
    UserLoggingReason result = SecurityManager.AuthenticateUser(providerName, "user name", "password", rememberMe, out sitefinityUser);
    bool authenticated = result == UserLoggingReason.Success;

    To "logout" a user, you will need

    SecurityManager.Logout("provider name or null for default", "user name")

    While not directly applicable to Sitefinity, you might find this blog about OpenID integration with ASP.NET helpful.

    As far as max users go, we are limited by OpenAccess. In certain cases, it builds "Contains" statements using recursion (e.g 'is user part of that role'), which is limited by stack size (usually 1MB). A few thousand should work, but we haven't determined an exact limit. I have personally tested with 2 thousand users and the system worked without any slow-down or a problem when developing part of the UI for managing users/roles, but things might have changed since. If you encounter any problems due to max limit reached, please tell us so that we might think of a work-around.

    Greetings,
    Dido
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Christopher Blickley
    Christopher Blickley avatar
    14 posts
    Registered:
    07 Jan 2004
    20 Jan 2011
    Link to this post
    Thanks for this information, I'll dig in and see how it goes.  With regards to the maximum number of users, I am thinking that we will eventually have about 10,000 (we have 30,000 employees and perhaps 1/3 will visit the site).  I can do some testing to see how it goes, but I was wondering how this plays out with the Telerik site.  I believe the Telerik site is driven by Sitefinity and I would imagine that you have many more than 2,000 users.  Does the Telerik site use the standard Sitefinity security or perhaps a custom security provider was built?

    Just curious as I think about how to proceed....

    Thanks,
    Chris
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    16 Jun 2017
    20 Jan 2011
    Link to this post
    Hello ,

    The backend of Telerik.conm uses Sitefinity, the clients section is a custom implementation.

    Kind regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
4 posts, 0 answered